BEA Systems, Inc.

WebLogic Server 8.1 API Reference

weblogic.security.providers.authentication
Class DefaultUserNameMapperImpl

java.lang.Object
  |
  +--weblogic.security.providers.authentication.DefaultUserNameMapperImpl

public class DefaultUserNameMapperImpl
extends java.lang.Object
implements UserNameMapper

Implementation of the UserNameMapper interface used to perform certificate-based and distinguished name user authentication via configuration attributes. Certificate-based authentication can be performed when a remote client makes a two-way-authenticated secure connection to the server, in which case the client's certificate chain can be used to authenticate the remote user. This removes the need for the client to explicitly provide a username and password. Distinguished name authentication can be performed via CSIv2 identity assertion.

To use this implementation in the Default Identity Asserter, use the Administration Console to display the DefaultIdentityAsserter Details tab and set the Use Default User Name Mapper check box to on. Then, also on the Details tab, set the Default User Name Mapper Attribute Type: and Default User Name Mapper Attribute Delimiter: fields to configure which attribute in the distinguished name is used to map to the username. For example, if you want the name portion of the Email address in the subject distinguished name to map to the username, select the values E and @. For an Email value of smith@bea.com, smith would be mapped to the username.

Author:
Copyright © 2004 BEA Systems, Inc. All Rights Reserved.

Constructor Summary
DefaultUserNameMapperImpl(java.lang.String subjectDNAttribute, java.lang.String attributeDelimiter)
          Creates the DefaultUserNameMapper implementation.
 
Method Summary
 java.lang.String mapCertificateToUserName(java.security.cert.X509Certificate[] certs, boolean ssl)
          Maps a certificate to a username based on a certificate chain presented.
 java.lang.String mapDistinguishedNameToUserName(byte[] distinguishedName)
          Maps an X.501 distinguished name to a username based on the distinguished name attributes and values.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultUserNameMapperImpl

public DefaultUserNameMapperImpl(java.lang.String subjectDNAttribute,
                                 java.lang.String attributeDelimiter)
Creates the DefaultUserNameMapper implementation.

Parameters:
subjectDNAttribute - The attribute in the subject DN (distinguished name) from the certificate that should be used in the mapping from certificate to username. This should be a value such as "ST", "E", or "CN".
attributeDelimiter - The delimiter to use as the end of the username in the mapping. For example, "@" in the value "E=smith@bea.com".
Method Detail

mapCertificateToUserName

public java.lang.String mapCertificateToUserName(java.security.cert.X509Certificate[] certs,
                                                 boolean ssl)
Maps a certificate to a username based on the certificate chain presented. If the user can be mapped successfully, this method returns the WebLogic username derived from the certificate; otherwise it returns null.
Specified by:
mapCertificateToUserName in interface UserNameMapper

Parameters:
certs - certificate chain presented by the client. An array of length at least 1. The first certificate is the leaf (i.e. the end user's) certificate. If the length is greater than 1, the array is a certificate chain, with the last element being the root CA.
ssl - true if the certificates to check were presented by the client during a successful two-way SSL handshake.
Returns:
user name derived from certificate, if mapping succeeded, or null if failed

mapDistinguishedNameToUserName

public java.lang.String mapDistinguishedNameToUserName(byte[] distinguishedName)
Maps an X.501 distinguished name to a username based on the distinguished name attributes and values. If the user can be mapped successfully, this method returns the WebLogic username derived from the distinguished name; otherwise it returns null.
Specified by:
mapDistinguishedNameToUserName in interface UserNameMapper

Parameters:
distinguishedName - ASN.1 encoding of an X.501 distinguished name.
Returns:
user name derived from distinguished name, if mapping succeeded, or null if failed
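The attribute/delimiter mapping described above (E and @ turning E=smith@bea.com into smith), re-implemented against the JDK alone as an added example; this is not the WebLogic class and does not implement its UserNameMapper interface. The class name, the OID-to-keyword map, and the fail-closed handling of ssl == false, of a twice-present attribute and of an empty result are this example's own choices.

```java
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class AttributeDelimiterUserNameMapper {
    // RFC 2253 output has no keyword for emailAddress; map its OID to "E" so the "E" setting works.
    private static final Map<String, String> OID_KEYWORDS =
            Collections.singletonMap("1.2.840.113549.1.9.1", "E");
    private final String subjectDNAttribute; // e.g. "E", "CN", "ST"
    private final String attributeDelimiter; // e.g. "@"

    public AttributeDelimiterUserNameMapper(String subjectDNAttribute, String attributeDelimiter) {
        this.subjectDNAttribute = subjectDNAttribute;
        this.attributeDelimiter = attributeDelimiter;
    }

    // Same contract as mapCertificateToUserName: only the leaf certificate, certs[0], is consulted.
    public String mapCertificateToUserName(X509Certificate[] certs, boolean ssl) {
        // Policy chosen for this example (assumption): a chain that was not verified in a two-way
        // SSL handshake is not trusted to assert an identity, so the mapping fails closed.
        if (!ssl || certs == null || certs.length == 0) return null;
        return mapPrincipal(certs[0].getSubjectX500Principal());
    }

    // Same contract as mapDistinguishedNameToUserName: the DN arrives as a DER-encoded X.501 Name.
    public String mapDistinguishedNameToUserName(byte[] distinguishedName) {
        try {
            return mapPrincipal(new X500Principal(distinguishedName));
        } catch (IllegalArgumentException e) { return null; } // not a well-formed DER Name
    }

    private String mapPrincipal(X500Principal principal) {
        String found = null;
        try {
            LdapName dn = new LdapName(principal.getName(X500Principal.RFC2253, OID_KEYWORDS));
            for (Rdn rdn : dn.getRdns()) {
                if (!rdn.getType().equalsIgnoreCase(subjectDNAttribute)) continue;
                if (found != null) return null; // attribute present twice: ambiguous, refuse to guess
                found = String.valueOf(rdn.getValue());
            }
        } catch (InvalidNameException e) { return null; }
        if (found == null) return null;
        int end = attributeDelimiter.isEmpty() ? -1 : found.indexOf(attributeDelimiter);
        String user = end < 0 ? found : found.substring(0, end);
        return user.isEmpty() ? null : user; // "E=@bea.com" must not yield an empty username
    }
}
```

To exercise the DN path offline, construct a DER-encoded name with new X500Principal("CN=John Smith, EMAILADDRESS=smith@bea.com, O=BEA").getEncoded() and pass it to mapDistinguishedNameToUserName on a mapper built with ("E", "@").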

Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs81